Cyware Weekly Cyber Threat Intelligence November 5 - 9, 2018

The Good
Friday is finally here folks, which means that it's time for your weekly roundup of the biggest cybersecurity news stories. Let’s begin with all the progressive steps that governments and private organizations have taken to enhance the security of the public. Singapore launched the first ever commercial risk pool that provides insurance to corporations. Meanwhile, security researchers have created a new AI system that is capable of accurately predicting cyberattacks.

  • Singapore launched the first ever commercial risk pool that provides insurance to corporations. The pool is aimed at protecting companies in Asean and Asia from financial losses and cyber-related losses in the face of mounting cyberthreats. The pool will commit up to US$1 billion in risk capacity and will be funded by the traditional insurance and insurance-linked securities markets to offer customized coverage.
  • Security researchers have created a new AI system, named DARKMENTION, that is capable of accurately predicting cyberattacks. The AI system monitors online and dark web forums and gathers intelligence from them. DARKMENTION also contains a repository of over 500 cyberattacks that have previously occurred.
  • Google’s automated fuzz bot has spotted over 9,000 security vulnerabilities over the past two years. Google launched OSS-Fuzz in December 2016. The automated tool hunts for vulnerabilities in applications by applying a technique called fuzzing.

The Bad
The past week saw several massive data breaches and leaks occur, targeting organizations across the globe. Hackers hit every bank in Pakistan in a massive attack. The data of around 700,000 customers of American Express India was left inadvertently exposed in an unsecured MongoDB server. Meanwhile, the French firm Ingerop was hit by hackers who stole around 65 GB of data.

  • Hackers hit every bank in Pakistan in a massive attack. The data of nearly 8,000 bank account holders from 10 different banks has been put up for sale on the dark web. Although it is still unclear how this breach came about, PakCERT believes that some locals may have been involved in aiding the cybercriminals behind the attack, who are suspected to have been located outside the country.
  • The data of around 700,000 customers of American Express India was left inadvertently exposed in an unsecured MongoDB server. The unsecured database contained 689,272 records in plaintext. The data exposed included full names, email addresses, phone numbers, card details and more.
  • The French firm Ingerop was hit by hackers who stole around 65 GB of data relating to nuclear power plants, prisons, and tram networks. The information stolen on the nuclear power plants includes a document detailing a planned nuclear-waste dump in northeastern France and details of the oldest French nuclear power plant, Fessenheim, located at the France-Germany border.
  • HSBC bank’s US branch suffered a data breach that saw hackers compromise the personal data of several customers. The attackers may have gained access to customers’ full names, email addresses, phone numbers, physical addresses, dates of birth, account numbers, account types, account balances, and more.

New Threats
Over the past week, several new strains of malware and vulnerabilities have emerged. Security researchers discovered a new stealthy cryptomining malware. A 100,000-bot strong IoT botnet BCMUPnP_Hunter is currently pushing out massive spam email campaigns. Meanwhile, the Outlaw hacker group was found wielding the Shellbot botnet to target IoT devices and Linux systems.

  • Security researchers discovered a new stealthy cryptomining malware. Dubbed “Coinminer.Win32.MALXMR.TIAOODAM”, the malware is delivered onto victim machines as a Windows Installer MSI file. It is also capable of bypassing security filters and comes with a self-destruction mechanism.
  • A 100,000-bot strong IoT botnet BCMUPnP_Hunter is currently pushing out massive spam email campaigns. The botnet’s operators were spotted using a five-year-old vulnerability, which allows attackers to remotely execute malicious code on vulnerable routers. Although the botnet is targeting victims globally, so far, it has primarily infected victims in India, China, and the US.
  • The Outlaw hacker group was found wielding the Shellbot botnet to target IoT devices and Linux systems. The botnet is capable of allowing attackers to launch DDoS attacks, conduct port scans and more.
  • The notorious Kremlin-backed hacker group Fancy Bear’s customized malware LoJax was recently found capable of surviving OS reinstallations. LoJax is designed to deliver malware onto a targeted system and ensure that it begins operating when the computer starts up. In the event that an infection is successful, hackers could use the malware to continually and remotely access the infected system, as well as install and execute additional malware.

Posted on: November 09, 2018
